> I don't think this is sufficient -- there must> be protection against arbitrary SHM_LOCKs.

Why? We already have ulimits do that...

> How about the following:>> For *both* SHM_LOCK and SHM_UNLOCK, the process should either> be the owner or the creator of the object or have the> CAP_IPC_LOCK capability.

It makes a lot of sense, but I don't know whether or notit'd break any applications...

-- "Debugging is twice as hard as writing the code in the first place.Therefore, if you write the code as cleverly as possible, you are,by definition, not smart enough to debug it." - Brian W. Kernighan-To unsubscribe from this list: send the line "unsubscribe linux-kernel" inthe body of a message to majordomo@vger.kernel.orgMore majordomo info at http://vger.kernel.org/majordomo-info.htmlPlease read the FAQ at http://www.tux.org/lkml/